ID CVE-2006-3168
Summary SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
References
Vulnerable Configurations
  • cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure
confirm http://www.comscripts.com/scripts/php.cs-forum.643.html
misc http://www.acid-root.new.fr/advisories/csforum081.txt
osvdb
  • 26382
  • 26383
secunia 20534
sreason 1124
vupen ADV-2006-2314
xf csforum-read-index-sql-injection(27176)
Last major update 18-10-2018 - 16:46
Published 23-06-2006 - 00:02
Last modified 18-10-2018 - 16:46